I. Field
The present invention generally relates to communications, and more particularly, to secure and private communications using shared secrets generated from context limited information.
II. Background
The use of shared secrets is common for communications that are intended to be secure or private. In a typical shared secret scheme, a common secret known only to the communicating entities is shared, which secret is relied upon by the communicating entities to establish a trust relationship. A party without the shared secret is excluded from the trust relationship.
The shared secret can either be permanent or temporary. A temporary shared secret can be used to protect a communication for a limited period. For example, the temporary shared secret can be good only for a one-time transaction.
To provide an extra level of security, very often, a temporary secret is derived from a permanent secret. In such an arrangement, the temporary secret is used as the basis for establishing the trust relationship. For instance, a party seeking to establish a trust relationship with a corresponding party may use the temporary secret, which is shared with the corresponding party as key material for cryptographic communications with the corresponding party.
As for the permanent secret, sometimes called the master secret, it is rarely unrestrictively shared. By way of example, in a mobile communication setting, a master secret is shared only between the subscriber unit and the subscriber's home carrier. When the subscriber unit requests services via secure communications from a third party, the subscriber unit generates a temporary secret from the master secret. At the same time, the subscriber unit also sends a request to the home carrier which in turn generates the same temporary secret from the shared master secret. Again, the temporary secret forms the basis of the trust relationship between the subscriber and the third party. For instance, both the subscriber unit and the home carrier may generate from the temporary secret, among other things, an encryption key which is then made available to the service provider. Cryptographic communications between the subscriber unit and the service provider can be exchanged thereafter.
The rationale for deriving a temporary secret from the master secret is to curtail likelihood of revelation of the master secret. Derivation of the temporary secret from the master secret can be based on some prearranged algorithms between the subscriber unit and the home carrier.
The above-described security model is based on the assumption that any third party who may have access to any derived secret would have an interest in preserving the confidentiality of the derived secret. For instance, if the third party reveals the derived secret to yet another party, the confidence in purchasing services from the third party would be seriously jeopardized. As such, the third party would be adversely affected as a sustaining business entity, not to mention the legal consequences of revealing the secret.
However, there may be some parties that neither have the economical motivation nor ethical consideration in keeping the shared secret a secret. For example, if the derived secret is passed to a rogue party set up as a subscriber, the rogue party can use the derived secret to impersonate the legitimate subscriber and gain access to services which otherwise would be inaccessible to the rogue party. To compound the situation, additional sensitive information can further be revealed from the illegitimate access. The same holds true, if not with more severe consequences, is that the rogue party sets itself up as a service provider.
Accordingly, there is a need to provide a more secure communication scheme to prevent the revealing and misuse of derived secrets.